WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin PopAd versions = 1.0.4...

CVE-2025-9616

The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAdresetcookietime function. This makes it possible for unauthenticated attackers to reset cookie time settings via...

CVE-2025-9616 PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update

The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAdresetcookietime function. This makes it possible for unauthenticated attackers to reset cookie time settings via...

CVE-2025-9616

Consolidated details confirm CVE-2025-9616 affects the WordPress PopAd plugin (versions up to and including 1.0.4). The vulnerability is Cross-Site Request Forgery due to missing/incorrect nonce validation in PopAd_reset_cookie_time, enabling unauthenticated attackers to coerce an admin into a co...

PT-2025-35900

Name of the Vulnerable Software and Affected Versions: PopAd plugin for WordPress versions prior to 1.0.5 Description: The PopAd plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the PopAd reset cookie time function. This allows...

WordPress plugin PopAd 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...